REMARKS 

These remarks are filed in response to the Examiner's Report of 
November 9, 2007, a response to which is due by February 9, 2008. Accordingly, 
the Applicants respectfully submit that no extension of time fees fall due in 
connection with the filing of this paper. If the Applicants are mistaken, the 
Commissioner is hereby authorized to deduct any necessary fees from our Deposit 
Account No. 13-2400. 

Claims 1-34 are pending in the present application. 

The Examiner has rejected claims 1-6, 9-18, 21-28 and 31-34 under 
35 U.S.C. § 103(a) as being unpatentable over US patent Publication No. 
2003/0005118 to Williams (hereinafter "Williams") in view of US patent Publication 
No. 2004/0210771 to Wood et al. (hereinafter "Wood"). 

The Office Action was issued following the United States Supreme 
Court's decision in the case of KSR Int'l Co. v. Teleflex Inc., No. 04-1350 (April 30, 
2007). In light of the KSR decision, Applicant wishes to address various issues 
pertaining to a proper analysis under section 103. 

The Examiner, by citing two references and asserting a reason for 
combining elements from the two references, has elected to base the rejection of 
claims 1-34 upon a teaching, suggestion or motivation to select and combine 
features from the cited references. Applicant wishes to point out that the Supreme 
Court's KSR decision did not reject use of a "teaching, suggestion or motivation" 
analysis as part of an obviousness analysis, characterizing the analysis as "a helpful 
insight." KSR slip op. at 14-15. 

When the Examiner chooses to base a rejection upon a teaching, 
suggestion or motivation analysis, the Examiner must satisfy the requirements of 
such an analysis. In particular, the Examiner must demonstrate with evidence and 
reasoned argument that there was a teaching, suggestion or motivation to select 
and combine features from the cited references, e.g., In re Lee, 61 USPQ2d 1430, 
1433 (Fed. Cir. 2002). Moreover, the prior art must suggest the desirability of the 
combination, not merely the feasibility, see In re Fulton, 73 USPQ2d 1141, 1145 
(Fed. Cir. 2004). 

In the event that the cited references fail to disclose or suggest all of 
the elements recited in the claims, then combining elements from the references 
would not yield the claimed subject matter, regardless of the extent of any teaching, 
suggestion or motivation. 

Although the Supreme Court did not reject use of a "teaching, 
suggestion or motivation" analysis, the Supreme Court did say that it was not the 
only possible analysis of an obviousness question. Because of the Examiner's chosen 
ground for rejection, however, the only pending ground for rejection must be a 
"teaching, suggestion or motivation" analysis. In the event that the Examiner 
chooses to consider a different avenue for rejection, this would be a new ground for 
rejection not due to any action by Applicant. Applicant has a right to be heard on 
any new ground for rejection. 

Applicant further respectfully reminds the Examiner that, even after 
KSR, the following legal principles are still valid, having been endorsed by the 
Supreme Court or having been unaffected by its decision: (1) the USPTO still has 
the burden of proof on the issue of obviousness; (2) the USPTO must base its 
decision upon evidence, and it must support its decision with articulated reasoning 
(slip op. at 14); (3) merely demonstrating that all elements of the claimed invention 
exist in the prior art is not sufficient to support a determination of obviousness (slip 
op. at 14-15); (4) hindsight has no place in an obviousness analysis (slip op. at 17); 
and (5) Applicant is entitled to a careful, thorough, professional examination of the 
claims (slip op. at 7, 23, in which the Supreme Court remarked that a poor 
examination reflected poorly upon the USPTO). 

Claim 1 has been amended for clarity and to specify that the 
transmission of a session token from one server to another is performed directly 
and, consequently, not via a browser. Claims 2 through 10 have been amended for 
consistency with amended claim 1. 

Claim 1, as amended, requires "redirecting said request to the second 
server, including transmitting said session token directly to the second server". The 
basis for the amendment may be found in paragraph [0038]. 

The Examiner cites a passage in Williams wherein the redirection of a 
request from a first server to a second server is disclosed. The Examiner points to 
lines 12-18 of paragraph [0067] where Williams merely provides a general definition 
of a redirect as allowing "a server to respond to a client request with instructions to 
load a resource at a different location". Williams sets out that "most browsers will 
automatically request the new resource in response to a redirect". Further, Williams 
specifies that "When the browser receives the HTTP redirect, the browser issues a 
new HTTP Request using the redirected URI provided in the HTTP redirect". A good 
example of this type of redirection is when a website's address is changed to a new 
address - when a request is made to the server for the old website, the server 
responds and provides a new location to the browser. The browser, upon receiving 
the response from the server providing the new location, will issue a new HTTP 
Request using the redirected URI (location) provided in the HTTP Redirect. Most 
browsers will automatically redirect the client to the new location. 

The Examiner then admits that Williams does not specifically disclose 
"including transmitting said session token to the second server". The Examiner then 
cites Wood. The first sentence of cited paragraph [0051] reads "A session 
token is passed to browser 170 in conjunction with the redirect (5) to login 
component 120." That is, Wood advocates transmitting a session token with the URI 
provided in the HTTP Redirect transmitted to the browser in response to a request. 
The browser may then include the session token with a request transmitted to the 
second server. 

It is noted in paragraph [0038] of the disclosure of the present 
application that "The second server 12b cannot be presumed to be able to decrypt 
the session token so as to obtain the session ID and timestamp." Accordingly, the 
direct passage of a decrypted session token from a first server to a second server is 
preferred over a scheme arising from a combination of Williams and Wood wherein a 
session token is transferred from the first server to the browser (as part of a 
redirection) and then from the browser to the second server (as part of a reiteration 
of an original request). In one case, a decrypted session token is transmitted to the 
browser and subsequently, by the browser, to the second server. Such a scheme 
may be considered insecure. In another case, an encrypted session token is 
transmitted to the browser and subsequently, by the browser, to the second server. 
Such a scheme may be considered unworkable if the second server has difficulty 
decrypting the encrypted session token. 

Since it is submitted that neither Williams, nor Wood, nor a 
combination of Williams and Wood suggest or disclose transmitting a session token, 
received along with a request, directly to a second server, it is further submitted 
that the method of claim 1 is not obvious over Williams in view of Wood. It is 
respectfully requested that the Examiner withdraw the rejection of claim 1, and 
claims 2-6 and 9-12 dependent, either directly or indirectly, thereon, as obvious 
over Williams in view of Wood. 

Claim 13 has been amended for clarity and to specify that the 
transmission of a session token from one server to another is performed directly, 
i.e., not via a browser. Claims 15, 16, 17 and 21 have been amended for 
consistency with amended claim 13. 

Claim 13 is directed to a system for secure session management. The 
system of claim 13 includes a first server including a first request handler. Claim 13, 
as amended for consistency with amended claim 1, requires that the first request 
handler be adapted to transmit a decrypted session token directly to a second 
server. 

Further to the discussion above, it is submitted that neither Williams, 
nor Wood, nor a combination of Williams and Wood suggest or disclose a first 
request handler transmitting a session token, received along with a request, directly 
to a second server. Accordingly, it is submitted that the system of claim 13 is not 
obvious over Williams in view of Wood. It is respectfully requested that the 
Examiner withdraw the rejection of claim 13, and claims 14-18 dependent, either 
directly or indirectly, thereon, as obvious over Williams in view of Wood. 

Claim 23 has been amended for clarity and to specify that the 
transmission of a session token from one server to another is performed directly, 
i.e., not via a browser. Claims 25, 26, 27, 31 and 32 have been amended for 
consistency with amended claim 23. 

Claim 23 is directed to a computer program product having a 
computer-readable medium tangibly embodying computer executable instructions 
for secure session management. The computer program product of claim 23 
includes computer executable instructions for transmitting a session token directly 
to a second server. Further to the discussion above, it is submitted that neither 
Williams, nor Wood, nor a combination of Williams and Wood suggest or disclose 
a computer program product including computer executable instructions for 
transmitting a decrypted session token directly to the second server. Accordingly, it 
is submitted that the computer program product of claim 23 is not obvious over 
Williams in view of Wood. It is respectfully requested that the Examiner withdraw 
the rejection of claim 23, and claims 24-28 and 31-34 dependent, either directly or 
indirectly, thereon, as obvious over Williams in view of Wood. 

The Examiner has rejected claims 7 and 8 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Bachman. 
Claims 7 and 8 depend indirectly from claim 1 and add limitations. The Examiner 
contends that the combination of Williams and Wood discloses most of the subject 
matter of claims 7 and 8 and cites Bachman to illustrate that the additional 
limitations added by claims 7 and 8 were known at the time the claimed inventions 
were made. Without regard to whether Bachman discloses the limitations added by 
claims 7 and 8, it is submitted that Bachman does not suggest or disclose 
transmitting a session token directly to a second server as required by claim 1. 

Since it is submitted that neither Williams, nor Wood, nor Bachman, 
nor a combination of Williams, Wood and Bachman suggest or disclose transmitting 
a session token, received along with a request, directly to a second server, it is 
further submitted that the methods of claims 7 and 8 are patentable over Williams in 
view of Bachman. It is respectfully requested that the Examiner withdraw the 
rejection of claims 7 and 8 as obvious. 

The Examiner has rejected claims 19 and 20 under 35 U.S.C. § 103(a) 
as being unpatentable over Williams in view of Wood in further view of Bachman. 
Claims 19 and 20 depend indirectly from claim 13 and add limitations. The Examiner 
contends that the combination of Williams and Wood discloses most of the subject 
matter of claims 19 and 20 and cites Bachman to illustrate that the additional 
limitations added by claims 19 and 20 were known at the time the claimed 
inventions were made. Without regard to whether Bachman discloses the limitations 
added by claims 19 and 20, it is submitted that Bachman does not suggest or 
disclose a first request handler transmitting a session token, received along with a 
request, directly to a second server, as required by claim 13. 

Since it is submitted that neither Williams, nor Wood, nor Bachman, 
nor a combination of Williams, Wood and Bachman suggest or disclose a first 
request handler transmitting a session token, received along with a request, directly 
to a second server, it is further submitted that the systems of claims 19 and 20 are 
patentable over Williams in view of Bachman. It is respectfully requested that the 
Examiner withdraw the rejection of claims 19 and 20 as obvious. 

The Examiner has rejected claims 29 and 30 under 35 U.S.C. § 103(a) 
as being unpatentable over Williams in view of Wood in further view of Bachman. 
Claims 29 and 30 depend indirectly from claim 23 and add limitations. The Examiner 
contends that Williams discloses most of the subject matter of claims 29 and 30 and 
cites Bachman to illustrate that the additional limitations added by claims 29 and 30 
were known at the time the claimed inventions were made. Without regard to 
whether Bachman discloses the limitations added by claims 29 and 30, it is 
submitted that Bachman does not suggest or disclose computer executable 
instructions for transmitting a session token, received along with a request, directly 
to a second server, as required by claim 23. 

Since it is submitted that neither Williams, nor Wood, nor Bachman, 
nor a combination of Williams, Wood and Bachman suggest or disclose computer 
executable instructions for transmitting a session token, received along with a 
request, directly to a second server, it is further submitted that the computer 
program products of claims 29 and 30 are patentable over Williams in view of 
Bachman. It is respectfully requested that the Examiner withdraw the rejection of 
claims 29 and 30 as obvious. 

Favorable reconsideration and allowance of this application are 
respectfully requested. 

Respectfully Submitted, 
Sladjana Petrovic 




Place: Toronto, Ontario, Canada 
Date: February 6, 2008 
Tele No.: 416-868-1482 